Facilitating packet flow in a communication network implementing load balancing and security operations
Abstract
Facilitating packet flow in a communication network includes receiving at a defender a request packet sent from a node. The request packet is communicated to a load balancer operable to communicate the request packet to a network element server selected from a plurality of network element servers. The request packet has a destination address associated with the load balancer. A response packet is received from the network element server. The response packet has a tunnel endpoint address. Whether the tunnel endpoint address corresponds to an approved network element server is determined. The response packet is communicated to the node if the tunnel endpoint address corresponds to an approved network element server.
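The response check described above, following the source-address wording of claim 1, as an added example that is not code from the patent. The class and method names, the request ids, the documentation-range addresses, and the handling of unmatched responses and of responses sent from the load balancer's own address are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Defender:
    """Hypothetical model of the defender: relays requests to the load
    balancer and filters responses by their source address."""
    approved: set                                 # approved server addresses, stored at the defender
    pending: dict = field(default_factory=dict)   # request id -> (node, request destination)

    def __post_init__(self):
        # Normalise so equivalent textual forms of an address compare equal.
        self.approved = {ipaddress.ip_address(a) for a in self.approved}

    def on_request(self, req_id, node, dst):
        # Remember the destination (the load balancer's address) so the
        # response can later be compared against it.
        self.pending[req_id] = (node, ipaddress.ip_address(dst))
        return ("to_load_balancer", dst)

    def on_response(self, ref_id, src):
        # The response must reference a request this defender relayed.
        if ref_id not in self.pending:
            return ("drop", "no matching request")    # assumption: not stated in the claims
        node, dst = self.pending[ref_id]
        src = ipaddress.ip_address(src)
        # Source differs from the request's destination: the server replied
        # directly, so its address must be on the approved list.
        if src != dst and src not in self.approved:
            # Keep the pending entry: a response from an unapproved source
            # must not cancel the real server's reply.
            return ("drop", "source not approved")
        # Assumption: a response from the load balancer address itself is relayed.
        del self.pending[ref_id]
        return ("forward", node)


def demo():
    # Constructed sample: VIP 192.0.2.10, two approved servers, one node.
    d = Defender(approved={"198.51.100.11", "198.51.100.12"})
    d.on_request(1, "203.0.113.5", "192.0.2.10")
    return [
        d.on_response(1, "198.51.100.99"),   # unapproved source, dropped
        d.on_response(1, "198.51.100.11"),   # approved server, forwarded
        d.on_response(1, "198.51.100.11"),   # replay after completion, dropped
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```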
18 Claims
1. A method for facilitating packet flow in a communication network, comprising:
- receiving at a defender a request message sent from a node;
- communicating, from the defender, the request message to a load balancer, the request message having a destination address associated with the load balancer, the load balancer configured to communicate the request packet to a network element server selected from a plurality of network element servers;
- receiving, at the defender, a response message from the network element server, the response message comprising a reference to the request message;
- determining, at the defender, that the response message has a source address different from the destination address of the request message, the source address identifying the network element server as a source;
- in response to determining that the response message has a source address different from the destination address of the request message, determining, at the defender, whether the source address of the response message is included in a list of addresses of approved servers, the list of addresses of approved servers stored at the defender; and
- communicating, from the defender, the response message to the node if the source address corresponds to an approved network element server.

Dependent claims: 2, 3, 4, 5.
6. A defender configured to facilitate packet flow in a communication network, comprising:
- an interface configured to:
  - receive a request message sent from a node; and
- a non-transitory computer-readable medium comprising logic coupled to the interface, the logic configured to:
  - communicate the request message to a load balancer, the request message having a destination address associated with the load balancer, the load balancer configured to communicate the request packet to a network element server selected from a plurality of network element servers;
- the interface further configured to:
  - receive a response message from the network element server, the response message comprising a reference to the request message; and
- the logic further configured to:
  - determine that the response message has a source address different from the destination address of the request message, the source address identifying the network element server as a source;
  - in response to determining that the response message has a source address different from the destination address of the request message, determine whether the source address of the response message is included in a list of addresses of approved servers, the list of addresses of approved servers stored at the defender; and
  - communicate the response message to the node if the source address corresponds to an approved network element server.

Dependent claims: 7, 8, 9, 10, 11.
12. At least one non-transitory computer-readable medium storing instructions that, when executed by at least one processor, are configured to:
- receive at a defender a request message sent from a node;
- communicate, from the defender, the request message to a load balancer, the request message having a destination address associated with the load balancer, the load balancer comprising a device and logic, the load balancer configured to communicate the request packet to a network element server selected from a plurality of network element servers;
- receive, at the defender, a response message from the network element server, the response message comprising a reference to the request message;
- determine, at the defender, that the response message has a source address different from the destination address of the request message, the source address identifying the network element server as a source;
- in response to determining that the response message has a source address different from the destination address of the request message, determine, at the defender, whether the source address of the response message is included in a list of addresses of approved servers, the list of addresses of approved servers stored at the defender; and
- communicate, from the defender, the response message to the node if the source address corresponds to an approved network element server.
13. A system for facilitating packet flow in a communication network, comprising:
- a defender configured to:
  - receive a request message sent from a node, the request message having a destination address associated with the load balancer; and
- a load balancer coupled to the defender, the load balancer configured to:
  - receive the request message from the defender; and
  - communicate the request message to a network element server selected from a plurality of network element servers;
- the defender further configured to:
  - receive a response message from the network element server, the response message comprising a reference to the request message;
  - determine that the response message has a source address different from the destination address of the request message, the source address identifying the network element server as a source;
  - in response to determining that the response message has a source address different from the destination address of the request message, determine whether the source address is included in a list of addresses of approved servers, the list of addresses of approved servers stored at the defender; and
  - communicate the response message to the node if the source address corresponds to an approved network element server.

Dependent claims: 14, 15, 16, 17, 18.
Specification